Posts by Christian Kirsch

2 min Metasploit

Why Security Assessments Must Cover IPv6, Even In IPv4 Networks

What's your company doing to prepare for IPv6? Probably not an awful lot. While 10% of the world's top websites now offer IPv6 services, most companies haven't formulated an IPv6 strategy for the network. However, the issue is that most devices you have rolled out in the past 5 years have been IPv6-ready, if not IPv6-enabled. Windows 7 and Windows Server 2008 actually use IPv6 link-local addresses by default. Also think about all the other clients, servers, appliances, routers, and mobile device

3 min Metasploit

Testing the Security of Virtual Data Centers

If you are doing security assessments, you are probably running into virtual servers every day. According to analyst firm Gartner, 80% of companies now have a virtualization project or program. With the recent 4.2 release of Metasploit, your next penetration test should be much more fun. For example, Metasploit now flags ESX Servers as virtual hosts in the user interface: If you are managing virtual servers, you may have come across the VMware vSphere Web Services SDK. It's a powerful way to

2 min Metasploit

Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation

When we talk to Metasploit users, they usually use it for either penetration testing, password auditing or vulnerability validation, but few use it for more than one of these purposes. By leveraging your investment in Metasploit, you can triple-dip at the same price - no extra licenses needed. Penetration Testing With penetration testing, you can identify issues in your security infrastructure that could lead to a data breach. Weaknesses you can identify include exploitable vulnerabilities, we

1 min Metasploit

How to Scan Your Network for Open H.323 Video Conferencing Systems

We've had a lot of people ask us how they can scan their own network to find out if they are vulnerable to the video conferencing issue described in HD's blog post Board Room Spying for Fun and Profit [] and the various news coverage of the video conferencing story. Here's a quick how-to: 1. Download a free trial of Metasploit Pro [

3 min Nexpose

How to Exploit A Single Vulnerability with Metasploit Pro

Metasploit Pro's smart exploitation function is great if you want to get a session quickly and don't care about being "noisy" on the network, but there are certain situations where you may want to use just one exploit: * You're conducting a penetration test and want to exploit just one vulnerability so you don't draw too much attention (i.e. you want to use a sniper rifle, not a machine gun) * You're a vulnerability manager and want to validate just one vulnerability to know whether

1 min

How to Import Vulnerability Scanner Reports Into Metasploit

It's easy to import third-party vulnerability scanning results into Metasploit. These formats are supported: * Acunetix XML * Amap Log * Appscan XML * Burp Session XML * Core Impact Pro XML * Foundstone Network Inventory XML * IP Address List * Libpcap * Microsoft MBSA SecScan XML * nCircle IP360 (XMLv3 & ASPL) * Metasploit PWDump Export * Metasploit Zip Export * Metasploit XML * NetSparker XML * Nessus XML (v1 & v2) * Nexpose Simple XML * Nexpose XML Export * Nmap XML * Qu

2 min Metasploit

Remote-controlling Metasploit through APIs

Metasploit offers some great ways to automate its functionality through a programming interface. Metasploit users have built custom tools and processes based on this functionality, saving them time to conduct repetitive tasks, or enabling them to schedule automated tasks. Our most advanced customers have even intgrated Metasploit Pro into their enterprise security infrastructure to automatically verify the exploitability of vulnerabilities to make their vulnerability management program more effi

1 min Penetration Testing

Is Your Data Too Sensitive For A Penetration Test?

If you are a security professional, you may have heard your executives say that their data is too sensitive for a penetration tester to read. If you're a consultant, this may be an objection you've heard from your customers. I was very surprised the first time I heard it, because the argument doesn't hold water up if you think it through. Your counterpart acknowledges two facts: 1. The data is highly sensitive. 2. There is a chance that a penetration tester could successfully access the

1 min

Powering CCDC Red Teams with Nexpose & Metasploit

The 2012 season has started for the Collegiate Cyber Defence Competitions (CCDCs). At Rapid7, we think these events are excellent for the community to train the next generation of cyber defenders. Typically, the students learning experimence starts with the Red Team taking over their servers, messing with passwords, and formatting hard drives remotely. Most students will have their spirits crushed within the first couple of hours, followed by a steep learning curve. We appreciate that the CCDC

2 min

Get CPE Credits For Attending Free Rapid7 Online Webinars

Hopefully you're enjoying our webinars for their content, but did you know that you're eligible to receive 1 CPE credit per webinar you attend? There's no need to send us your CISSP number, just self-report in the (ISC)2 portal. Here's how you do it (click on the images to enlarge): 1. Ensure you archive your webinar registration confirmation email in case you get audited in the future. 2. Login into the (ISC)2 website and click on Submit CPEs. 3. On the next screen, scroll to the v

3 min

How You Can Efficiently Audit Passwords With Metasploit

While unpatched systems are often the first stepping stone of a breach, it's often weak or shared credentials that help attackers intrude deeper into the network and breach sensitive data. Common problems are: * Weak passwords that lack length or complexity * Passwords contained in dictionaries * Passwords that are easily guessed based on information about the infrastructure * Vendor default passwords * Replaying cached credentials * Re-use of passwords across trust zones * Develo

1 min

Q&A Transcription: Security War Stories - Life on the Front Lines of a Breach

The recording of the webinar "Security War Stories: Life on the Front Lines of a Breach" is now online []. Big thanks to Jack for a great presentation, and huge thanks too all of the participants for the great questions and input, which I've included in the Q&A transcription. Webinar resources: * Webinar recording [] * Webinar slides [

1 min Nexpose

Three Ways to Integrate Metasploit With Nexpose

Metasploit has three ways to integrate with Nexpose vulnerability scanner. I've heard some confusion about what the different options are, so I'd like to summarize them here briefly: 1. Importing Nexpose reports: This is a simple, manual file import. Apart from Nexpose, Metasploit can import about 13 different third-party reports from vulnerability management solutions and web application scanners. This feature works in all Metasploit editions. 2. Initiate a Nexpose scan from Met

3 min Metasploit

How to Fly Under the Radar of AV and IPS with Metasploit's Stealth Features

When conducting a penetration testing assignment, one objective may be to get into the network without tripping any of the alarms, such as IDS/IPS or anti-virus. Enterprises typically add this to the requirements to test if their defenses are good enough to detect an advanced attacker. Here's how you can make sure you can sneak in and out without "getting caught". Scan speed First of all, bear in mind that you'll want to slow down your initial network scan so you don't raise suspicion by crea

1 min Metasploit

Bait the hook: How to write good phishing emails for social engineering

What are the baits that make people click on a link or attachment in a social engineering email? I've looked at some common examples and tried to categorize them. Maybe this list will trigger some ideas next time you're writing social engineering emails. Habits: Think of this as exploiting the brain's auto-pilot - standard email triggers standard response of opening attachment or clicking on link: * LinkedIn connection requests * GoToMeeting invitations * Daily reports from a CRM/ERP sys